Lucene search
Dmitrii IgnatyevWPEX-ID:D40C7108-BAD6-4ED3-8539-35C0F57E62CCHistoryNov 13, 2023 - 12:00 a.m.
Frontend File Manager < 22.7 - Editor+ Arbitrary File Download
2023-11-1300:00:00
Dmitrii Ignatyev
27
frontend file manager
arbitrary file download
wordpress plugin
shortcode
file upload
exploit
Description The plugin has a vulnerability that allows an Editor+ user to bypass the file download logic and download files such as wp-config.php
1) Create new post with this shortcode - [ffmwp]
2) Go to new post and upload any file
3) After that go to main page of plugin for users http://your_site/wordpress/wp-admin/edit.php?post_type=wpfm-files
4) Click to "Edit" button
5) Change wpfm_dir_path and wpfm_file_url to /var/www/html/wordpress/wp-config.php
6) Go back to the main page http://your_site/wordpress/wp-admin/edit.php?post_type=wpfm-files and click "Download"Related
cve
cve
CVE-2023-5105
2023-12-04 22:15:07
wpvulndb
wpvulndb
Frontend File Manager < 22.7 - Editor+ Arbitrary File Download
2023-11-13 00:00:00
prion
prion
Design/Logic Flaw
2023-12-04 22:15:00
nvd
nvd
CVE-2023-5105
2023-12-04 22:15:07
cvelist
cvelist
CVE-2023-5105 Frontend File Manager < 22.6 - Editor+ Arbitrary File Download
2023-12-04 21:27:46
wordfence
wordfence
9.7 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
16.4%
Related for WPEX-ID:D40C7108-BAD6-4ED3-8539-35C0F57E62CC